/// <summary>
/// Checks that the current user may access the given job at the requested
/// permission level. Administrators pass unconditionally, users holding an
/// administration grant on the job's project pass next, and everyone else is
/// evaluated by <c>AuthorizeJob</c>.
/// </summary>
/// <param name="jobId">Identifier of the job being accessed.</param>
/// <param name="requiredPermission">Permission level the caller needs on the job.</param>
/// <exception cref="SecurityException">
/// Thrown with JOB_NOT_EXISTENT when no job with <paramref name="jobId"/> is found;
/// <c>AuthorizeJob</c> raises it as well when the per-job permission is insufficient.
/// </exception>
public void AuthorizeForJob(Guid jobId, DT.Permission requiredPermission) {
  // Role-based bypass: administrators are never checked against requiredPermission.
  bool isAdministrator = ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Administrator);
  if (isAdministrator) {
    return;
  }

  var callerId = UserManager.CurrentUserId;
  var persistence = PersistenceManager;
  var jobs = persistence.JobDao;
  var projects = persistence.ProjectDao;

  persistence.UseTransaction(() => {
    var requestedJob = jobs.GetById(jobId);
    if (requestedJob == null) {
      // NOTE(review): AuthorizeForTask reports a missing task with NOT_AUTHORIZED,
      // whereas this path uses a distinct message. If the message reaches the caller
      // it separates "no such job" from "not permitted" - confirm that is intended.
      throw new SecurityException(JOB_NOT_EXISTENT);
    }

    // Project-level bypass: an administration grant on the parent project
    // authorizes the caller for any requiredPermission, including Full.
    var administeredProjects = projects
      .GetAdministrationGrantedProjectsForUser(callerId)
      .ToList();
    bool administersParentProject = administeredProjects.Contains(requestedJob.Project);

    if (!administersParentProject) {
      // No bypass applies, so fall back to the per-job permission entry.
      AuthorizeJob(persistence, jobId, requiredPermission);
    }
  });
}
/// <summary>
/// Checks that the current user may access the given job at the requested
/// permission level by running <c>AuthorizeJob</c> inside a transaction.
/// </summary>
/// <param name="jobId">Identifier of the job being accessed.</param>
/// <param name="requiredPermission">Permission level the caller needs on the job.</param>
/// <remarks>
/// This variant has no role-based bypass and no explicit missing-job check; every
/// caller is evaluated by <c>AuthorizeJob</c>.
/// NOTE(review): the outcome for an unknown <paramref name="jobId"/> depends on
/// GetPermissionForJob, which is not shown here - confirm it denies by default.
/// </remarks>
public void AuthorizeForJob(Guid jobId, DT.Permission requiredPermission) {
  var persistence = PersistenceManager;
  persistence.UseTransaction(() => AuthorizeJob(persistence, jobId, requiredPermission));
}
/// <summary>
/// Compares the current user's permission on a job with the required level and
/// throws when it is insufficient.
/// </summary>
/// <param name="pm">Persistence manager handed on to GetPermissionForJob.</param>
/// <param name="jobId">Identifier of the job being accessed.</param>
/// <param name="requiredPermission">Permission level the caller needs on the job.</param>
/// <exception cref="SecurityException">
/// Thrown with NOT_AUTHORIZED when the user's permission is NotAllowed, or when Full
/// is required and the user holds anything other than Full.
/// </exception>
/// <remarks>
/// Only a Full requirement is matched exactly. Every other required value, including
/// NotAllowed (which ToEntity also returns for unrecognised input), is satisfied by
/// any permission other than NotAllowed.
/// </remarks>
private void AuthorizeJob(IPersistenceManager pm, Guid jobId, DT.Permission requiredPermission) {
  var required = requiredPermission.ToEntity();
  DA.Permission granted = GetPermissionForJob(pm, jobId, UserManager.CurrentUserId);

  // Explicit deny always loses, whatever level was asked for.
  bool explicitlyDenied = granted == Permission.NotAllowed;
  // A Full requirement cannot be met by a weaker grant such as Read.
  bool fullRequiredButMissing = (granted != required) && required == Permission.Full;

  if (explicitlyDenied || fullRequiredButMissing) {
    throw new SecurityException(NOT_AUTHORIZED);
  }
}
/// <summary>
/// Maps a transfer-layer permission (DT) onto the data-access permission (DA).
/// </summary>
/// <param name="source">Permission value to convert.</param>
/// <returns>
/// The matching DA value for Full and Read; NotAllowed for NotAllowed and for any
/// value that is not recognised.
/// </returns>
/// <remarks>
/// Unrecognised input is denied by default when the result is stored as a grant.
/// When the result is used as the required level in AuthorizeJob, NotAllowed only
/// rejects callers whose own permission is NotAllowed, so callers should pass a
/// defined value there.
/// </remarks>
public static DA.Permission ToEntity(this DT.Permission source) {
  if (source == DT.Permission.Full) {
    return DA.Permission.Full;
  }
  if (source == DT.Permission.Read) {
    return DA.Permission.Read;
  }
  // DT.Permission.NotAllowed and every unrecognised value end up here.
  return DA.Permission.NotAllowed;
}
/// <summary>
/// Stores a permission entry giving <paramref name="grantedUserId"/> the stated
/// permission on a job, recorded as granted by the current user.
/// </summary>
/// <param name="jobId">Job the permission applies to.</param>
/// <param name="grantedUserId">User who receives the permission.</param>
/// <param name="permission">Permission level to store; converted with ToEntity.</param>
/// <remarks>
/// The caller must be in the Administrator or Client role and must pass
/// AuthorizeForJob at level Full before anything is written.
/// NOTE(review): <paramref name="permission"/> is not restricted here, so a caller
/// authorized at Full can grant Full to another user - confirm that onward
/// delegation is intended.
/// NOTE(review): the authorization check and the write appear to run in separate
/// transactions (AuthorizeForJob opens its own) - confirm that a permission revoked
/// in between cannot still be used to grant.
/// </remarks>
public void GrantPermission(Guid jobId, Guid grantedUserId, DT.Permission permission) {
  // Gate 1: coarse role check. Gate 2: Full permission on this specific job.
  RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
  AuthorizationManager.AuthorizeForJob(jobId, Permission.Full);

  var persistence = PersistenceManager;
  using (new PerformanceLogger("GrantPermission")) {
    var permissionDao = persistence.JobPermissionDao;
    // The grantor is taken from the session, never from caller-supplied input.
    var grantorId = UserManager.CurrentUserId;
    persistence.UseTransaction(() => {
      var permissionEntity = permission.ToEntity();
      permissionDao.SetJobPermission(jobId, grantorId, grantedUserId, permissionEntity);
      persistence.SubmitChanges();
    });
  }
}
/// <summary>
/// Checks that the current user may access the given task at the requested
/// permission level, using the permission held on the task's job.
/// </summary>
/// <param name="taskId">Identifier of the task being accessed.</param>
/// <param name="requiredPermission">Permission level the caller needs on the owning job.</param>
/// <exception cref="SecurityException">
/// Thrown with NOT_AUTHORIZED when the task is not found; <c>AuthorizeJob</c> raises
/// it as well when the permission on the owning job is insufficient.
/// </exception>
/// <remarks>
/// NOTE(review): a principal in HiveRoles.Slave is authorized for every task at any
/// permission level, with no lookup of the task at all - confirm that only trusted
/// compute-node accounts can hold that role.
/// </remarks>
public void AuthorizeForTask(Guid taskId, DT.Permission requiredPermission) {
  bool isSlave = ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Slave);
  if (!isSlave) {
    var persistence = PersistenceManager;
    var tasks = persistence.TaskDao;
    persistence.UseTransaction(() => {
      var requestedTask = tasks.GetById(taskId);
      if (requestedTask == null) {
        // A missing task gets the same message as a denied one.
        throw new SecurityException(NOT_AUTHORIZED);
      }
      // Tasks carry no permissions of their own; the owning job decides.
      AuthorizeJob(persistence, requestedTask.JobId, requiredPermission);
    });
  }
}
/// <summary>
/// Maps a transfer-layer permission (DT) onto the database permission (DB).
/// </summary>
/// <param name="source">Permission value to convert.</param>
/// <returns>
/// The matching DB value for Full and Read; NotAllowed for NotAllowed and for any
/// value that is not recognised, so unknown input is denied by default.
/// </returns>
public static DB.Permission ToEntity(DT.Permission source) {
  switch (source) {
    case DT.Permission.Full:
      return DB.Permission.Full;
    case DT.Permission.Read:
      return DB.Permission.Read;
    default:
      // Covers DT.Permission.NotAllowed as well as every unrecognised value.
      return DB.Permission.NotAllowed;
  }
}